WPA2 KRACK Fallout in the Enterprise
WiFi networking pros sort out details about the security flaws and take steps to shore up business WLANs.
WPA2 KRACK Fallout in the Enterprise
WiFi networking pros sort out details about the security flaws and take steps to shore up business WLANs.
KRACK proves we need more encryption on the Internet
A serious weakness in Wi-Fi security was made public earlier today. The Key Reinstallation Attack (KRACK) can break Wi-Fi encryption, opening your data up to eavesdropping. This, combined with issues in Linux and Android, make it possible for attackers to change websites you view. This is a serious problem for Wi-Fi Protected Access 2 (WPA2), a protocol used in millions of networks worldwide.
Luckily, the use of Transport Layer Security (TLS) is on the rise. Mozilla’s data shows that over 60% of pages loaded in Firefox use TLS. More and more companies are using encryption for all traffic and removing the ability to connect to unencrypted versions of their sites. When connecting to these sites, KRACK isn’t as big of a deal, because the data is encrypted before it’s sent across Wi-Fi. Even if WPA2 is broken, the data is still secure.
Unfortunately there are still millions of sites that don’t provide this security. Their users are vulnerable to eavesdropping, fake content, malware injection, and more. We need more companies and operators to use TLS and HTTP Strict Transport Security (HSTS) to mitigate the potential impact of KRACK.
Internet traffic exists in layers, which makes it possible to use more Continue reading
KRACK proves we need more encryption on the Internet
A serious weakness in Wi-Fi security was made public earlier today. The Key Reinstallation Attack (KRACK) can break Wi-Fi encryption, opening your data up to eavesdropping. This, combined with issues in Linux and Android, make it possible for attackers to change websites you view. This is a serious problem for Wi-Fi Protected Access 2 (WPA2), a protocol used in millions of networks worldwide.
Luckily, the use of Transport Layer Security (TLS) is on the rise. Mozilla’s data shows that over 60% of pages loaded in Firefox use TLS. More and more companies are using encryption for all traffic and removing the ability to connect to unencrypted versions of their sites. When connecting to these sites, KRACK isn’t as big of a deal, because the data is encrypted before it’s sent across Wi-Fi. Even if WPA2 is broken, the data is still secure.
Unfortunately there are still millions of sites that don’t provide this security. Their users are vulnerable to eavesdropping, fake content, malware injection, and more. We need more companies and operators to use TLS and HTTP Strict Transport Security (HSTS) to mitigate the potential impact of KRACK.
Internet traffic exists in layers, which makes it possible to use more Continue reading
IS-IS Multi Instance: RFC8202
Multi-Instance IS-IS
One of the nice things about IS-IS is the ability to run IPv6 and IPv4 in the same protocol, over a single instance. So long as the two topologies are congruent, deploying v6 as dual stack is very simply. But what if your topologies are not congruent? The figure below illustrates the difference.
In this network, there are two topologies, and each topology has two different set of level 1/level 2 flooding domain boundaries. If topology 1 is running IPv4, and topology 2 is running IPv4, it is difficult to describe such a pair of topologies with “standard” IS-IS. The actual flooding process assumes the flooding domain boundaries are on the same intermediate systems, or that the two topologies are congruent.
One way to solve this problem today is to use IS-IS multi-topology, which allows the IPv6 and IPv4 routing information to be carried in separate TLVs so two different Link State Databases (LSDBs), so each IS can compute a different Shortest Path Tree (SPT), one for IPv4, and another for IPv6. Some engineers might find the concept of multi-topology confusing, and it seems like it might be overkill for other use cases. For instance, perhaps you do Continue reading
Capgemini Cites Biz Model, Pricing as Hurdles to Serverless Adoption
Confusion in the serverless market could push out broad adoption by two years.
Why leave a vendor job….twice?
Over the past few months I’ve been working hard on my new start-up company PeakFactory, it’s going really well, but for this post I want to focus on the reason why I chose to leave the companies I used to work for. I thought this was relevant, as many people have asked me why, but also in general there is a lot of discussion how to advance your career in different directions.
Why leave a comfortable and good job at all?
Back in 2013 I was working in a very good position, where I had a lot of freedom in choosing the customers I’d like to work on and was involved in all technical aspects of a project (pre-sales, proof of concepts, implementation and support). Still I had this feeling that I wanted to explore more an different areas for a wider audience. Which is why I decided to start working for a networking vendor. My main reason for choosing a vendor is that I could leverage my experience in the technology and apply it for a wider audience (maybe even worldwide)
Why work for Cisco and Juniper?
In early 2014 I got in touch with Cisco and I left Continue reading
It’s the ‘Telecom’ Infra Project, Not the ‘Facebook’ Infra Project
The open optical group has been the most prominent work of TIP, so far.
Marz Systems: Moving to the Oracle Cloud Doubled ERP Performance, Cut Costs
Reports that ran for 25 minutes on-prem took 12 minutes in Oracle Cloud.
MEC May Be As Disruptive as 5G, SDN or NFV, iGR Research Says
MEC marries the data center and the radio.
CRI-O Released as a Slim Runtime Focused on Kubernetes
The new runtime is an alternative to Docker's Moby.
NetDevOps: what does it even mean?
Move over “selfie” — “NetDevOps” is the hottest buzzword that everybody is talking about! It’s so popular that the term even has its own hashtag on Twitter. But when you take the word out of social media, does anyone really know what it means? Or how this perfect portmanteau can revolutionize your data center? Let’s take a moment to discuss what NetDevOps really is all about. In this post, we’ll go over the definition, the best practices, and the tech that best incorporates NetDevOps. Now, when you see #NetDevOps appear on your feed, you can tweet it out with confidence.
What does it all mean?
If you understand the basic principles of DevOps, then congratulations! You’re two-thirds of the way to grasping the concept of NetDevOps. For the uninitiated, DevOps embraces the ideology of interoperability and communication between the development and operations teams in order to break down silos and create better products. The movement also encourages automation and monitoring in order to increase efficiency and reduce error.
DevOps is certainly a great movement, but like the VCR and the DVD player, something new came along and improved upon it. This is where NetDevOps comes in. So, what exactly is Continue reading
Network Break 157: Cisco Launches ACI 3.0; More Security Blues
This week's Network Break analyzes tech news from Cisco, HPE, Dell, and more. The post Network Break 157: Cisco Launches ACI 3.0; More Security Blues appeared first on Packet Pushers.
Aruba Wireless Network Quadruples Lorien Health Services’ WiFi Speed
The senior health care organization deployed about 400 Aruba access points.
Worth Reading: The Largest Hole in Cloud Security
The post Worth Reading: The Largest Hole in Cloud Security appeared first on rule 11 reader.
KRACK WPA2 Vulnerability Announced – Upgrade Now
If you haven’t already heard about the KRACK (Key Reinstallation Attack) vulnerability announced today, head over to the information page at https://www.krackattacks.com/ as quick as your fingers will take you because Mathy Vanhoef of imec-DistriNet has found a vulnerability in the WPA2 protocol which has a very wide impact.
KRACK Attack
The challenge here is that for this isn’t a bug in any particular implementation or commonly-used library; rather, it’s a vulnerability in the protocol itself which means that any correct implementation of the protocol is vulnerable. This also does not just apply to wireless access points; remember that most cell phones can also act as wireless APs for purposes of wireless tethering, so they may be vulnerable too.
Impressively, a number of vendors have released code which has been patched for the vulnerability today, and a number of vendors included fixes before today’s public announcement. However, those are useless if people don’t install the upgrades. I strongly advise going now and finding what your wireless vendor has done, and installing any available patched code.
Ubiquiti Update
Since I know you’re all following my Ubiquiti experiences, I’ll note that UBNT released code Continue reading
Network Automation: Leaky Abstractions
I hear people talk about leaky abstractions all the time. I’m not sure that some of the people that use it have researched the term.
As network-automation blurs the line between software and networking, terms like this are used more commonly than you might expect.
When you hear someone say ‘leaky abstraction’, what does it really mean? This question drove me to a little research effort.
The term ‘leaky abstraction‘ was popularised in 2002 by Joel Spolsky. I totally misunderstood this statement when I first heard it, so naturally the researcher in me went off trawling the web to get a more correct view.
My original and misinformed understanding is explained in the example below.
The Example
Taking the example of a car, the abstraction interface or vehicle controls allows a user to manoeuvre the vehicle between a start and end point whilst keeping the passenger as comfortable as possible.
A car has air modification capability, human body heaters and it can even project audio to your ears. Most vehicles have an on switch (engine start or power switch), they have directional and velocity controls that come in the form of a steering wheel, a set of pedals Continue reading